Vita hack: How Ninja releases work

March 17, 2013

It’s a recurring question we get whenever there’s a hack in approach. Given the nature of the exploits we release, we have to be careful in the process, in a way to provide enough time for as many people as possible to get the hack.

With a process we started more than a year ago with the first VHBL release (that was an exploit in Motorstorm), hackers are regularly releasing exploits for the Vita (exploits within the PSP emulator actually) on this site.

PSP exploits on the Vita all follow the same pattern: a hacker hijacks the savedata of a given PSP game, in order to take control of the PSP system within the emulator. This allows us, depending on the hack, to run either a homebrew loader such as VHBL, or an emulator Custom Firmware such as CEF or ARK.

Vulnerabilities are pretty common in PSP games, but they used to be more convenient to leverage when these games were available on UMD. Today, as PSP games for the Vita can only be purchased online through the PSN, it is very easy for Sony to simply remove any game from the store if they find that it is used as a vector for a hack. They’ve actually been doing exactly that for the past 8 exploits that were released last year, by pulling the incriminated game mere hours after the hack public announcement.

To counterbalance that, we use a system where we let trusted people know about the exploited game in advance. We then progressively increase the number of people who know about the game, until a point where we announce the exploited game publicly. We do not release the actual exploit on the day of the announcement, in the hope that this could delay Sony’s decision to pull the game, but history have proven that they trust the content of this blog even more than some of our readers

The rules we put in place to choose the people who are able to know about the exploit in advance have become complex with time, but the principle is overall simple: members of our forum at /talk get to know about the exploit before the general audience. Within our members too, there is a system of priority which I won’t detail here. Bottom line, if you are part of our community and have been acting “normally”, there are good chances you’ll know about the exploit early enough. Even if you are not part of the privileged people who know about the game long enough in advance, all members of our forums (except people who’ve had warnings) end up getting the information at least several hours before the public announcement.

I’ve described this system many times already. It is of course far from perfect, but it’s the best we’ve found so far. I initially described it in this article, which explains in more details lots of the reasons behind this release process. Another good resource is our ninja releases sticky thread on the forum. Can’t get any clearer than that